Through this bootcamp, you'll gain:
- An in-depth look at important topics affecting your third-party risk management program
- Best practices and what to look for to ensure a vendor is a safe and reliable partner
- Tips and solutions for common third-party risk management challenges
- Best practices to improve your third-party risk management program and bring your organization success
Agenda
Tuesday | June 24, 2025
Third-party relationships can introduce significant cybersecurity and data privacy risks. This session will explore key frameworks, including the NIST Cybersecurity Framework, to help organizations effectively assess vendor security, protect sensitive data, and mitigate potential threats.
- A deep dive into common third-party risk management frameworks, including NIST
- How to apply these frameworks to increase resilience and strengthen vendor oversight
- Strategies for leveraging cross-disciplinary best practices across departments
- Real-world case studies on applying security controls in vendor management
- Practical steps for improving cybersecurity and data privacy in third-party relationships
Ideal for IT leaders, Chief Information Security Officers (CISOs), vendor managers, operations and business continuity professionals, risk officers and procurement and sourcing teams.
The third-party risk landscape is constantly evolving, with new regulations, emerging threats, and shifting industry expectations shaping how organizations manage vendor relationships. This session will explore the latest regulatory updates, key trends impacting third-party risk management, and best practices for staying ahead of the curve. Learn how to adapt your TPRM strategy to navigate regulatory changes, mitigate evolving risks, and enhance vendor oversight for long-term resilience.
- Insights into the latest third-party risk regulations and their impact on vendor management
- An overview of emerging trends shaping the future of TPRM
- Best practices for improving vendor oversight and mitigating evolving risks
- Strategies for adapting your TPRM program to regulatory shifts
- Lessons learned from real-world case studies
Ideal for compliance officers, risk managers, vendor management professionals, IT and security leaders, procurement teams, and anyone responsible for managing third-party risk.
Wednesday | June 25, 2025
SOC reports are a critical tool for assessing the security, availability, and integrity of a vendor’s systems—but only if you know how to interpret them effectively. This session will break down the different types of SOC reports, key sections to focus on, and how to translate findings into actionable vendor risk decisions. Whether you’re reviewing SOC 1, SOC 2, or SOC 3 reports, you’ll learn how to spot red flags, evaluate controls, and ask the right questions to protect your organization.
- The differences between SOC reports
- Key sections of a SOC report, what you can review yourself, and when to call in an SME to help interpret critical findings
- How to use the SOC report to assess vendor controls and identify potential risks
- Red flags to watch for and follow-up questions to ask vendors
- How SOC reports fit into a broader third-party risk management strategy
Ideal for compliance officers, risk managers, vendor management professionals, IT and security leaders, procurement teams, and anyone responsible for managing third-party risk.
Your vendors rely on their own vendors—and that extended network can introduce risks you may not even see coming. Understanding fourth-party and nth-party risk is critical to strengthening your organization’s resilience and protecting sensitive data. This session will explore how to identify, assess, and mitigate risks beyond your direct vendors, ensuring you have visibility into the entire supply chain.
- The differences between third-party, fourth-party, and nth-party risk
- How to gain visibility into your vendors’ vendors
- Key strategies for assessing and mitigating extended supply chain risks
- Best practices for integrating fourth-party risk into your TPRM framework
- Real-world examples of how hidden risks can impact organizations
This session is ideal for vendor risk managers, IT and security professionals, procurement teams, compliance officers, and anyone responsible for third-party risk management.
As vendors increasingly integrate artificial intelligence into their products and services, the risks associated with AI—bias, security vulnerabilities, regulatory uncertainty, and lack of transparency—become critical concerns for organizations. This session will explore how to assess and manage third-party AI risk, ensuring your vendors’ AI models align with security, privacy, and ethical standards. Learn how to ask the right questions, evaluate AI-related risks, and implement best practices for responsible AI oversight.
- The key risks associated with third-party AI, including bias, security, and compliance challenges
- How to assess AI-driven vendors and their models for transparency and reliability
- Best practices for mitigating AI risks in vendor contracts and ongoing oversight
- Regulatory considerations and emerging frameworks for AI governance
- Real-world examples of AI risk impacting organizations and how to respond
Ideal for vendor risk managers, IT and security professionals, compliance officers, procurement teams, and anyone responsible for evaluating AI-driven third-party relationships.
Thursday | June 26, 2025
How do you know if your vendor risk management (VRM) program is effective? Measuring success goes beyond checking boxes — it requires tracking meaningful metrics, demonstrating risk reduction, and effectively communicating value to stakeholders. This session will cover key performance indicators (KPIs), reporting strategies, and best practices for assessing and improving your VRM program. Learn how to turn vendor risk data into actionable insights that drive better decision-making and long-term resilience.
- The key metrics and KPIs for evaluating vendor risk management success
- How to communicate vendor risk performance to executives and board members
- Best practices for tracking risk reduction and continuous program improvement
Ideal for vendor risk managers, compliance and risk officers, IT and security leaders, procurement professionals, and anyone responsible for measuring and reporting on third-party risk.
Managing vendor risk is critical — but it’s only one piece of the puzzle. Without integrating third-party risk management (TPRM) into enterprise risk management (ERM), organizations risk missing key threats, duplicating efforts, and making uninformed decisions. This session will break down what ERM is, why it matters for vendor risk professionals, and how aligning TPRM with a broader risk strategy can improve visibility, efficiency, and risk mitigation across the organization.
- What enterprise risk management (ERM) is and why it matters for vendor risk
- How aligning TPRM with ERM improves decision-making and risk visibility
- Practical strategies for integrating vendor risk assessments into a holistic risk framework
- Connecting vendor risk to enterprise-wide goals
Ideal for vendor risk managers, procurement professionals, compliance officers, IT and security leaders, and anyone looking to elevate their vendor risk program by connecting it to broader organizational risk management.

Join our third-party risk experts around a virtual campfire for our popular bootcamp. We'll discuss the latest trends and show you just “how” to accomplish some of the most challenging vendor risk management tasks.

Field of Study:
Specialized Knowledge
Program Level:
Basic
Duration:
6 Hours (2 Hours Per Day)
Prerequisites:
None
Who Should Attend:
CEOs, CFOs, Compliance Directors, Risk Directors, BOD, Vendor Management, CPAs
Advanced Preparation:
None
Delivery Method:
Group Internet Based
Refunds:
This is a free event.
Cancellations:
In the event that this session would need to be cancelled, you will be personally contacted and registered for the rescheduled event.



